May 5, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
New Attack Method Targets Microsoft Management Console Files – Active IOCs
June 26, 2024Multiple Adobe Experience Manager Vulnerabilities
June 26, 2024New Attack Method Targets Microsoft Management Console Files – Active IOCs
June 26, 2024Multiple Adobe Experience Manager Vulnerabilities
June 26, 2024
Severity
High
Analysis Summary
CVE-2023-46148 CVSS:8.8
Themify Ultra theme for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by missing authorization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVE-2023-36683 CVSS:6.5
Schema Pro Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to executing a certain higher privileged action.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2023-46148
- CVE-2023-36683
Affected Vendors
WordPress
Affected Products
- Themify Ultra theme for WordPress 7.3.5
- WordPress Schema Pro 2.7.8
Remediation
Upgrade to the latest version of WordPress, available from the WordPress Plugin Directory.
